A map of fitness-tracker data may have compromised top-secret US military bases around the world

A map of activity in Djibouti that has drawn comment from security analysts. Strava

An interactive heat map from the fitness-tracking app Strava appears to have exposed sensitive sites.

Hackers or state actors could use the information to find military bases.

Bases of multiple nations were exposed, but as the US has the biggest global presence, it stands the most to lose.

Over the weekend a company called Strava, a social network for people who want to track their workouts, updated an online map showing the routes of 1 billion workouts in 2017.

But in doing so, it seems to have exposed secret US military bases in Turkey, Syria, and Yemen.

Strava drew on data from devices like Fitbits or smartphones that people use to track workouts such as runs or bike rides. But fitness-tracker users skew Western, young, and active. In countries like Niger, the heat map appears to highlight the activity of US troops on military bases keeping fit.

The result is potentially damning for the US military's operational security.

A bright spot indicating activity in Agadez, Niger, where the US has a drone base. There is almost no Strava data in the rest of the country. Strava

Previously covert bases may have been exposed, and highly trafficked locations within known bases have been highlighted.

Additionally, some users may have left the trackers on while going about normal business. Important supply routes and key daily routines have most likely been picked up by the heat map.

"Some light markers over known Russian positions, no notable colouring for Iranian bases … A lot of people are going to have to sit through lectures come Monday morning."

But the most dangerous element of the heat map isn't the aggregated lines — it's the potential to determine which person drew which line. Anyone who gains access to Strava's data, legally or otherwise, can then track a specific person's movement, Jeffrey Lewis points out at the Daily Beast.

A user who works out frequently at a known military base, say a missile base, and then uses the app at another location may draw attention to a previously unknown site of interest.

This data could inform both state and nonstate actors as to where to attack in the case of war.

The US is not alone in being exposed — apparent Chinese joggers in the South China Sea contributed data to the Strava map, as did workers on Taiwan's secret missile bases. But the US's larger presence around the globe means it has more to lose.

After the map came out, internet users in short order identified some of the most sensitive US military sites around the world.

Here Lewis seems to think US troops are running around the US's nuclear weapons in Turkey.

Here a Twitter user cross-referencing other open-source analysis seems to think he's spotted a CIA "black site," or somewhere that unacknowledged covert work is taking place, in Djibouti.

Whatever is going on here in the desert of Yemen is likely to come under increased scrutiny.

But interestingly enough, the Pentagon, which is the headquarters of the Department of Defense, the biggest office building in the world, and the best-known US military command center in the world, is dark.